fd5529acfd
resolves: rhbz#1809453 Fix CVE-2022-2211 Denial of Service in --key parameter resolves: rhbz#2102721
48 lines
1.7 KiB
Diff
48 lines
1.7 KiB
Diff
From fe59e93b27e3bc17b5cc0874e103330e0000b210 Mon Sep 17 00:00:00 2001
|
|
From: Laszlo Ersek <lersek@redhat.com>
|
|
Date: Tue, 28 Jun 2022 13:57:01 +0200
|
|
Subject: [PATCH] customize: add reminder about "--key ID:clevis"
|
|
|
|
virt-customize already enables appliance networking by default;
|
|
conversely, if the user passes "--no-network", we shouldn't override that
|
|
for the sake of "--key ID:clevis". Add comments about clevis to the code.
|
|
|
|
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1809453
|
|
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
|
|
Message-Id: <20220628115702.5584-4-lersek@redhat.com>
|
|
Reviewed-by: Richard W.M. Jones <rjones@redhat.com>
|
|
(cherry picked from commit e52aea48cbcea3f3b538db0573b58517cbc33da0)
|
|
---
|
|
customize/customize_main.ml | 7 +++++++
|
|
1 file changed, 7 insertions(+)
|
|
|
|
diff --git a/customize/customize_main.ml b/customize/customize_main.ml
|
|
index 8a022342f..32b7eebdd 100644
|
|
--- a/customize/customize_main.ml
|
|
+++ b/customize/customize_main.ml
|
|
@@ -52,7 +52,11 @@ let main () =
|
|
let libvirturi = ref "" in
|
|
let memsize = ref None in
|
|
let set_memsize arg = memsize := Some arg in
|
|
+
|
|
+ (* Note that [--key ID:clevis] depends on this default. See more below, near
|
|
+ * [g#set_network network]. *)
|
|
let network = ref true in
|
|
+
|
|
let smp = ref None in
|
|
let set_smp arg = smp := Some arg in
|
|
|
|
@@ -159,6 +163,9 @@ read the man page virt-customize(1).
|
|
let g = open_guestfs () in
|
|
Option.may g#set_memsize memsize;
|
|
Option.may g#set_smp smp;
|
|
+ (* [--no-network] from the command line takes precedence over the automatic
|
|
+ * network enablement for [--key ID:clevis], so here we intentionally don't check
|
|
+ * [key_store_requires_network opthandle.ks]. *)
|
|
g#set_network network;
|
|
|
|
(* Add disks. *)
|
|
--
|
|
2.31.1
|
|
|